Files
2026-07-13 13:16:30 +08:00

3.1 KiB

Security Policy

Supported Versions

Version Supported
1.0.x

Reporting a Vulnerability

Please do NOT open a public GitHub issue for security vulnerabilities.

Instead, please report them responsibly:

  1. GitHub: Use GitHub Security Advisories

What to Include

  • Description of the vulnerability
  • Steps to reproduce
  • Impact assessment
  • Suggested fix (if any)

Response Timeline

  • Acknowledgment: Within 48 hours
  • Assessment: Within 1 week
  • Fix: Within 2 weeks for critical issues

Security Architecture

OpenClaw on Android runs standard Linux binaries on Android without proot-distro. The security model is shaped by this unique execution environment.

Execution Isolation

┌─────────────────────────────────────────────┐
│ Android Kernel (SELinux enforced)            │
│ ┌─────────────────────────────────────────┐ │
│ │ Termux sandbox (/data/data/com.termux)  │ │
│ │ ┌─────────────────────────────────────┐ │ │
│ │ │ glibc-runner (ld.so userspace only) │ │ │
│ │ │ Node.js → OpenClaw                  │ │ │
│ │ └─────────────────────────────────────┘ │ │
│ └─────────────────────────────────────────┘ │
└─────────────────────────────────────────────┘

Isolation Layers

  1. Android app sandbox — Termux runs in its own Linux user namespace; no access to other app data
  2. SELinux — Android's mandatory access control applies to all Termux processes
  3. No root required — The entire stack runs as a regular unprivileged user
  4. No proot — No filesystem translation layer; glibc-runner provides only the dynamic linker
  5. Path conversion — Standard Linux paths (/tmp, /bin/sh) are mapped to Termux equivalents at install time, not at runtime via syscall interception

What We Protect Against

  • Unauthorized access to Android system or other app data (enforced by Android sandbox)
  • Arbitrary code execution outside Termux (prevented by SELinux + app sandbox)
  • Path traversal from Termux into Android system paths (Termux prefix isolation)

What Is Out of Scope

  • Vulnerabilities in OpenClaw core (report to OpenClaw upstream)
  • Vulnerabilities in Termux (report to Termux)
  • Vulnerabilities in glibc-runner (report to termux-pacman)
  • Device-level security (rooted devices, unlocked bootloaders)